Thursday, March 6, 2014

ASM System Privileges


An ASM instance does not have a data dictionary, so the only way to connect to an ASM instance is by using one of three system privileges: SYSASM, SYSDBA, or SYSOPER.

The SYSDBA privilege on the ASM instance grants access to data stored on ASM. To use SQL*Plus commands to manage ASM components associated with the database, connect as SYSDBA to the database instance rather than the ASM instance. 

  • Users connected as SYSDBA can create and delete files, aliases, directories, and templates; examine various ASM instance views; operate on files that were created by this user; access files to which another user has explicitly granted access; and grant ASM file access control to other users.
  • Users connected with the SYSDBA privilege cannot create or resize a disk group.
  • Note: By default, ASMCMD attempts to connect as SYSDBA based on the OS group.

Users who are granted the SYSOPER privilege on the ASM instance are allowed to start up, shut down, mount, dismount, and check disk groups (but not repair).

  • Other operations, such as CREATE DISKGROUP and ADD/DROP/RESIZE DISK, require the SYSASM privilege and are not allowed with the SYSOPER privilege. The SYSOPER privilege does not allow access to system views—for example, v$asm_*.

During installation, the ASMSNMP user with SYSDBA privileges is created for monitoring the Oracle ASM instance.
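
The privilege split described above can be checked against the ASM password file. The following is an added example, not part of the original post: a least-privilege review run in SQL*Plus while connected to the ASM instance AS SYSASM. Treating SYS and ASMSNMP as the only expected holders is an assumption, and asm_operator is a hypothetical account name.

```sql
-- Added example. Connect to the ASM instance first, e.g.:  CONNECT / AS SYSASM
-- V$PWFILE_USERS lists each password-file user and the system privileges it
-- holds; the privilege columns contain the strings 'TRUE' or 'FALSE'.
SELECT username,
       sysasm,
       sysdba,
       sysoper,
       CASE
         -- SYSASM is required for CREATE DISKGROUP and ADD/DROP/RESIZE DISK
         WHEN sysasm = 'TRUE' AND username <> 'SYS'
           THEN 'REVIEW: can create and alter disk groups'
         -- SYSDBA on the ASM instance grants access to data stored on ASM;
         -- ASMSNMP is the monitoring user created at installation
         WHEN sysdba = 'TRUE' AND username NOT IN ('SYS', 'ASMSNMP')
           THEN 'REVIEW: can access data stored on ASM'
         -- SYSOPER alone: start up, shut down, mount, dismount, check
         WHEN sysoper = 'TRUE'
           THEN 'OK: operator actions only'
         ELSE 'OK'
       END AS finding
FROM   v$pwfile_users
ORDER  BY username;

-- Reduce an account that only needs to start, stop and mount disk groups
-- (asm_operator is a hypothetical name, not an account from the post).
REVOKE SYSASM FROM asm_operator;
REVOKE SYSDBA FROM asm_operator;
GRANT  SYSOPER TO asm_operator;
```

Because SYSOPER cannot read system views, the query has to be run by an account that holds SYSASM or SYSDBA.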
